40 matches found
OpenAM 授权问题漏洞
OpenAM is an all-in-one access management solution organized by the OpenAM Consortium. It provides authentication, authorization, delegation and federation capabilities. An authorization issue vulnerability exists in Open Access Management OpenAM versions 14.7.2 and earlier, which stems from an...
openaccess.inist.fr Cross Site Scripting vulnerability OBB-3471063
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SUSE CVE-2021-32917
An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth...
PT-2022-26919 · Jenkins · Jenkins 360 Fireline Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins 360 FireLine Plugin versions 1.7.2 and earlier Description: The issue concerns the Jenkins 360 FireLine Plugin, which programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived...
CVE-2022-23974 Pinot segment push endpoint has a vulnerability in unprotected environments
In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release...
PT-2021-21854 · Meross · Meross Smart Wi-Fi 2 Way Wall Switch
Name of the Vulnerable Software and Affected Versions: Meross Smart Wi-Fi 2 Way Wall Switch MSS550X versions 3.1.3 and earlier Description: The issue allows a remote attacker to obtain the Wi-Fi SSID and the password configured by the user from the Meross app via an Http/JSON plain request. This ...
CVE-2021-32917
An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth...
DEBIAN-CVE-2021-32917
An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth...
CVE-2021-32917
An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth...
CVE-2021-32917
An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth...
CVE-2021-32917
An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth...
PT-2021-4054 · Prosody +2 · Prosody +2
Name of the Vulnerable Software and Affected Versions: Prosody versions prior to 0.11.9 Description: The issue is related to the proxy65 component of the Prosody server for Jabber/XMPP, which allows open access by default. This can be exploited by a remote attacker to cause a denial of service,...
EPrints Cross-Site Scripting Vulnerability
EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. A reflected cross-site scripting vulnerability exists in the dataset parameter of the cgi/datasetdictionary URI in EPrints 3.4.2. No detailed vulnerability details are provide...
EPrints 安全漏洞
EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. EPrints 3.4.2 suffers from a command injection vulnerability. A remote attacker can exploit this vulnerability by entering specially crafted data into cgi/cal?year= URI to...
Privacy and Security of Data at Universities
Interesting paper: "Open Data, Grey Data, and Stewardship: Universities at the Privacy Frontier," by Christine Borgman: Abstract: As universities recognize the inherent value in the data they collect and hold, they encounter unforeseen challenges in stewarding those data in ways that balance...
Mail.ru: Получаем все домены и поддомены icq с помощью amazonaws.com [config,txt]
Открытый доступ к config.txt на амазоне где лежат все ваши домены и поддомены "api.icq.net": "api.ic2ster.com", "bos.icq.net": "bos.ic2ster.com", "api.login.icq.net": "apilogin.ic2ster.com", "icq.com": "www.ic2ster.com ", "www.icq.com ": "www.ic2ster.com ", "files.icq.com": "files-com.ic2ster.com...
RIP Aaron Swartz, A legendary Internet Activist
Aaron Swartz has committed suicide on January 11, 2013 in New York City. I have long been fought if you write something about this extraordinary boy, but not dedicate a tribute would be a shame. Aaron Swartz has decided to leave a huge void in the IT scenario. For me, as the entire world he is a...
Verizon Settles with FCC for $1.25 Million Over Tethering Block
In an unprecedented move, the Federal Communications Commission ended a 10-month investigation of Verizon Wireless with a $1.25 million settlement for restricting Android customer access to “tethering” software used to relay Internet signals to other devices. The federal probe was launched after...
Harvard researcher arrested on hacking charges
Harvard researcher arrested on hacking charges A Harvard researcher Aaron Swartz has been arrested in Boston for broke into the computer networks at the Massachusetts Institute of Technology to gain access to JSTOR, a non-profit online service for distributing scholarly articles, and downloaded 4...
Harvard researcher arrested on hacking charges
Harvard researcher arrested on hacking charges A Harvard researcher Aaron Swartz has been arrested in Boston for broke into the computer networks at the Massachusetts Institute of Technology to gain access to JSTOR, a non-profit online service for distributing scholarly articles, and downloaded 4...